
CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

09 Jun 2021 — Information Disclosure vulnerability in the UserAdmin application in SAP NetWeaver Application Server for Java, versions 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, allows attackers to access restricted information by entering a malicious server name. • https://launchpad.support.sap.com/#/notes/3023299

CVSS: 5.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

09 Jun 2021 — SAP Manufacturing Execution, versions 15.1, 1.5.2, 15.3, 15.4, does not include some HTTP security headers in its HTTP responses. The lack of these headers in the response can be exploited by an attacker to execute Cross-Site Scripting (XSS) attacks. • https://launchpad.support.sap.com/#/notes/3030961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 13 • EXPL: 3

09 Jun 2021 — SAP NetWeaver AS ABAP and ABAP Platform, versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contain the function module SRM_RFC_SUBMIT_REPORT, which fails to validate the authorization of an authenticated user, thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform. • https://packetstorm.news/files/id/167229 • CWE-862: Missing Authorization

CVSS: 6.1 • EPSS: 0% • CPEs: 10 • EXPL: 0

09 Jun 2021 — SAP NetWeaver AS for ABAP (Web Survey), versions 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters, which results in a reflected cross-site scripting vulnerability through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user. • https://launchpad.support.sap.com/#/notes/3004043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jun 2021 — Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application. • https://github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 5.9 • EPSS: 0% • CPEs: 5 • EXPL: 0

09 Jun 2021 — SAP Internet Graphics Service, versions 7.20, 7.20EXT, 7.53, 7.20_EX2, 7.81, allows an unauthenticated attacker who has retrieved an existing system state value to submit a malicious IGS request over a network which, due to insufficient input validation in method CDrawRaster::LoadImageFromMemory(), triggers an internal memory corruption error, causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. • https://launchpad.support.sap.com/#/notes/3021050 • CWE-787: Out-of-bounds Write

CVSS: 5.9 • EPSS: 0% • CPEs: 5 • EXPL: 0

09 Jun 2021 — SAP Internet Graphics Service, versions 7.20, 7.20EXT, 7.53, 7.20_EX2, 7.81, allows an unauthenticated attacker who has retrieved an existing system state value to submit a malicious IGS request over a network which, due to insufficient input validation in method Ups::AddPart(), triggers an internal memory corruption error, causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. • https://launchpad.support.sap.com/#/notes/3021050 • CWE-787: Out-of-bounds Write

CVSS: 5.9 • EPSS: 0% • CPEs: 5 • EXPL: 0

09 Jun 2021 — SAP Internet Graphics Service, versions 7.20, 7.20EXT, 7.53, 7.20_EX2, 7.81, allows an unauthenticated attacker who has retrieved an existing system state value to submit a malicious IGS request over a network which, due to insufficient input validation in method CXmlUtility::CheckLength(), triggers an internal memory corruption error, causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. • https://launchpad.support.sap.com/#/notes/3021050 • CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 20 • EXPL: 0

09 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22, 7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In ... • https://launchpad.support.sap.com/#/notes/3020104 • CWE-125: Out-of-bounds Read

CVSS: 5.9 • EPSS: 0% • CPEs: 5 • EXPL: 0

09 Jun 2021 — SAP Internet Graphics Service, versions 7.20, 7.20EXT, 7.53, 7.20_EX2, 7.81, allows an unauthenticated attacker who has retrieved an existing system state value to submit a malicious IGS request over a network which, due to insufficient input validation in method IgsData::freeMemory(), triggers an internal memory corruption error, causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. • https://launchpad.support.sap.com/#/notes/3021050 • CWE-787: Out-of-bounds Write